Fails to cleanup records #31

@HartmannVolker

What happened?

  1. I deployed external-dns with the stackit webhook myself, because I need the CRD support
  2. I created a DNSEndpoint to create a custom TXT DNS Record
  3. The DNS Record is created correctly
  4. I deleted the DNSEndpoint resource from the cluster
  5. The DNS Record is not removed by external-dns

In the logs of external-dns it seems to be an ownership issue:

time="2025-12-18T16:44:49Z" level=debug msg="Skipping endpoint platform-docs.prod.tech.<redacted>.dev 300 IN TXT google-site-verification=random [] because owner id does not match, found: "", required: "production-external-dns""

How can we reproduce this?

I deployed external-dns using the following values.yaml with the official helm chart:

external-dns:
  txtOwnerId: production-external-dns
  managedRecordTypes: ["A", "AAAA", "CNAME", "TXT", "MX"]
  sources:
    - service
    - ingress
    - crd
  policy: sync
  provider:
    name: webhook
    webhook:
      image:
        repository: ghcr.io/stackitcloud/external-dns-stackit-webhook
        tag: v0.3.5
        pullPolicy: Always
      args:
        - --project-id=<project-id>
        - --log-level=info
        - --auth-key-path=/etc/secrets/stackit/sa.json
      extraVolumeMounts:
        - name: stackit-sa-volume
          mountPath: /etc/secrets/stackit
          readOnly: true
      service:
        port: 8888
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 65532
        runAsGroup: 65532
      livenessProbe:
        httpGet:
          path: /healthz
          port: 8888
        initialDelaySeconds: 10
        timeoutSeconds: 5
      readinessProbe:
        httpGet:
          path: /healthz
          port: 8888
        initialDelaySeconds: 10
        timeoutSeconds: 5

  extraVolumes:
    - name: stackit-sa-volume
      secret:
        secretName: external-dns-stackit-sa
  serviceMonitor:
    enabled: true

Search

  • I did search for other open and closed issues before opening this.

Code of Conduct

  • I agree to follow this project's Code of Conduct

Additional context

No response
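
Added example, not part of the original issue or the external-dns project: a Python triage script that scans external-dns debug logs for the "owner id does not match" message quoted above and lists the records on which no owner id was found. The sample log lines and hostnames are constructed, and the regex assumes the message layout shown in the issue.

```python
import re
from collections import defaultdict

# Layout assumed from the debug line in the issue. Inner quotes may be bare
# (as rendered on the page) or backslash-escaped (raw logfmt output).
SKIP_RE = re.compile(
    r'Skipping endpoint (?P<name>\S+) (?P<ttl>\d+) IN (?P<type>[A-Z]+)\s+'
    r'(?P<target>.*?)\s*\[[^\]]*\] because owner id does not match, '
    r'found: \\?"(?P<found>[^"\\]*)\\?", '
    r'required: \\?"(?P<required>[^"\\]*)\\?"'
)

# Constructed sample input (hostnames and addresses are placeholders).
SAMPLE = [
    'time="2025-12-18T16:44:49Z" level=debug msg="Skipping endpoint '
    'docs.example.test 300 IN TXT google-site-verification=random [] because '
    'owner id does not match, found: "", required: "production-external-dns""',
    r'time="2025-12-18T16:44:49Z" level=debug msg="Skipping endpoint '
    r'app.example.test 300 IN A 192.0.2.10 [] because owner id does not '
    r'match, found: \"staging-external-dns\", '
    r'required: \"production-external-dns\""',
    'time="2025-12-18T16:44:50Z" level=info msg="unrelated message"',
]


def skipped_by_owner(lines):
    """Group skipped endpoints by the owner id that was found on them."""
    groups = defaultdict(set)
    for line in lines:
        m = SKIP_RE.search(line)
        if m:
            groups[m["found"]].add((m["name"], m["type"], m["target"]))
    return {owner: sorted(records) for owner, records in groups.items()}


def unowned(lines):
    """Records skipped with an empty owner id (found: "")."""
    return skipped_by_owner(lines).get("", [])


if __name__ == "__main__":
    for owner, records in skipped_by_owner(SAMPLE).items():
        label = owner or "<no owner id>"
        for name, rtype, target in records:
            print(f"{label}: {name} {rtype} {target}")
```
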
